
Author Topic: Be wary if you are using a .ssh/known_hosts  (Read 170 times)

aus9

  • Guest
Be wary if you are using a .ssh/known_hosts
« on: August 21, 2020, 11:58:24 PM »
Try at own risk as I am not an expert. Recently I had created on my TC64....a hidden dir called .ssh containing initially 1 file config = copy of client config but called config. When you successfully connect with openssh....the known_hosts file is created, in that hidden dir

The trap for me was, I had previously connected to arm6 OS and was now attempting to connect a different image. The initial msg scared the heck out of me....until I read further and deleted that file and restarted the daemon.

Code:
ssh tc@192.168.1.13
SNIP
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!  SNIP
Someone could be eavesdropping on you right now (man-in-the-middle attack)! 
SNIP and more warnings until
It is also possible that a host key has just been changed
SNIP
Add correct host key in /home/tc/.ssh/known_hosts to get rid of this message.
ECDSA host key for 192.168.1.13 has changed and you have requested strict checking.
Host key verification failed.

After connecting I was able to confirm the timestamps etc and
Code:
cat /usr/local/etc/ssh/ssh_host_ecdsa_key.pub
is a match to known_hosts with the first part = 192.168.1.13 ecdsa-sha2-nistp256 being on the top line
and then the "algorithm" below with no mention of root@box as showing on RPI. It's dropped on my TC64

Hope that helps someone if they swap TC RPi images 
« Last Edit: August 22, 2020, 12:00:06 AM by aus9 »

Offline Greg Erskine

  • Sr. Member
  • ****
  • Posts: 318
Re: Be wary if you are using a .ssh/known_hosts
« Reply #1 on: August 22, 2020, 03:46:02 AM »
Hi aus9,

Your warning was one day too late. The first time I saw this message was yesterday. Usually I only use piCorePlayer images so I don't see this message, but yesterday I was trying to connect to a RPi with a beta piCore image. So I thought the issue was accessing the RPi with piCorePlayer then the next time it had piCore loaded and the IP address was probably the same.

I just removed the offending line from known_hosts using vi.

I think $ ssh-keygen -R 192.168.1.xxx may have worked. I had removed the problem before I got a chance to test it properly.

I normally get this message:

Code:
The authenticity of host '192.168.1.xxx (192.168.1.xxx)' can't be established.
ECDSA key fingerprint is SHA256:tnQbsvd9F3mTRdmkQgQ2utEUoaEpy2hvMHrd5FU9D/U.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.xxx' (ECDSA) to the list of known hosts.

regards
Greg


« Last Edit: August 22, 2020, 04:08:38 AM by Greg Erskine »
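
The comparison aus9 describes (host `.pub` file against the known_hosts entry) and the SHA256 fingerprint format in Greg Erskine's output, as an added Python example that is not part of the original thread. The key blobs are constructed dummies, the function names are hypothetical, and only plain (unhashed, no port or wildcard) host entries are handled.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data


def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint in the form ssh prints: unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def known_hosts_keys(text: str, host: str, key_type: str) -> list:
    """Base64 keys stored for host/key_type (plain, unhashed entries only)."""
    keys = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue  # skip comments, markers and hashed host names
        if host in fields[0].split(",") and fields[1] == key_type:
            keys.append(fields[2])
    return keys


def check_host(known_hosts: str, host: str, pub_line: str) -> str:
    """Compare the key read from the host's .pub file with the stored entry."""
    # The .pub file may end in a comment such as root@box; known_hosts drops it.
    key_type, key_b64 = pub_line.split()[:2]
    stored = known_hosts_keys(known_hosts, host, key_type)
    if not stored:
        return "unknown"
    return "match" if key_b64 in stored else "changed"


# Constructed sample data: two dummy ECDSA blobs, not real keys.
def dummy_key(fill: int) -> str:
    blob = (ssh_string(b"ecdsa-sha2-nistp256") + ssh_string(b"nistp256")
            + ssh_string(b"\x04" + bytes([fill]) * 64))
    return base64.b64encode(blob).decode()

OLD_IMAGE, NEW_IMAGE = dummy_key(0x11), dummy_key(0x22)
KNOWN_HOSTS = f"192.168.1.13 ecdsa-sha2-nistp256 {OLD_IMAGE}\n"
PUB_FILE = f"ecdsa-sha2-nistp256 {NEW_IMAGE} root@box\n"

if __name__ == "__main__":
    print(check_host(KNOWN_HOSTS, "192.168.1.13", PUB_FILE), fingerprint(NEW_IMAGE))
```

The value `fingerprint()` returns for the key read on the host's own console is what should equal the fingerprint ssh offers for the new image; a "changed" result on a host that was not re-imaged is the case the warning exists for.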

Offline Paul_123

  • Administrator
  • Hero Member
  • *****
  • Posts: 617
Re: Be wary if you are using a .ssh/known_hosts
« Reply #2 on: August 22, 2020, 04:56:30 AM »
This is not unique to rpi, it is common to anyone using ssh and constantly swapping images. I see it almost daily as I test new images.

.ssh/known_hosts has been there for a long, long time. Ssh tracks host fingerprints by IP address or hostname. If you stick a new image in the same hardware, your DHCP server will likely assign the same IP address. So when you connect you get the message.

The only difference is perhaps the message has got scarier over the years.  piCore 11 and 12alpha are using the very latest released OpenSSL/openssh.